CRISC Certified in Risk and Information Systems Control – Question058

Which of the following statements are true for an enterprise's risk management capability maturity level 3?

A. Workflow tools are used to accelerate risk issues and track decisions
B. The business knows how IT fits in the enterprise risk universe and the risk portfolio view
C. The enterprise formally requires continuous improvement of risk management skills, based on clearly defined personal and enterprise goals
D. Risk management is viewed as a business issue, and both the drawbacks and benefits of risk are recognized

Correct Answer: ABD

Explanation:
An enterprise’s risk management capability maturity level is 3 when:

  • Risk management is viewed as a business issue, and both the drawbacks and benefits of risk are recognized.
  • There is a selected leader for risk management, engaged with the enterprise risk committee, across the enterprise.
  • The business knows how IT fits in the enterprise risk universe and the risk portfolio view.
  • Local tolerances drive the enterprise risk tolerance.
  • Risk management activities are being aligned across the enterprise.
  • Formal risk categories are identified and described in clear terms.
  • Situations and scenarios are included in risk awareness training beyond specific policy and structures and promote a common language for communicating risk.
  • Defined requirements exist for a centralized inventory of risk issues.
  • Workflow tools are used to accelerate risk issues and track decisions.

Incorrect Answers:
C: An enterprise with risk management capability maturity level 5 requires continuous improvement of risk management skills, based on clearly defined personal and enterprise goals.